Slightly fixed

Can’t tell on the PC which Podcasts you’ve listened to on the Zune (and in general, managing the relationship is sucky)

Now, the PC greys out individual podcasts you’ve listened to, but not the podcast series, so you have to click on each podcast series to see if it’s been listened to.

And if you use this to delete podcasts or a podcast series that you’ve listened to… it doesn’t actually delete them from your hard drive. This is infuriating, because it makes it fundamentally impossible to manage local podcasts.

And all this despite the Zune software warning you that it’s going to delete the series and its episodes PERMANENTLY:

More apps

OK, so there are some more apps. Still want more. But that’s probably not going to happen, because in what appears to be a bout of sheer bloody-mindedness, although XNA Game Studio 3.1 (for Zune HD) is a subset of the functionality of XNA Game Studio 4.0 (for Windows Phone 7), XNA Game Studio 3.1 only works in Visual Studio 2008, and XNA Game Studio 4.0 only works in Visual Studio 2010.

What this means is that a developer can’t build the same project, in one development environment, for Zune HD and Windows Phone 7, even though it would be possible to make the same game work on both platforms with the same source code.

If this isn’t a temporary problem, it’s going to make me and the other five Zune HD users really feel disenfranchised.

White House CIO Vivek Kundra released a memo last month to US Federal CIOs on transitioning to IPv6, at a workshop on the importance of adopting IPv6.

Put simply, the memo gives a timetable for moving the US Federal government to using native IPv6 for all public-facing web and Internet sites. The end of Financial Year 2012 is the deadline for that. There’s also a deadline of end of FY 2014 for all internal client apps to support IPv6.

Here at Texas Imperial Software, we’ve provided basic support for IPv6 in WFTPD and WFTPD Pro for some time.

Because of a lack of significant expressed customer interest, we’ve basically kept the IPv6 support out of the interface, despite a personal interest on my part in supporting IPv6. Now it’s time to change that and bring IPv6 in as an equal platform, rather than hiding it in the background.

Are you interested?

We’re looking for beta testers for this IPv6 support. Drop me a line at betatest@wftpd.com if you are able to test out an IPv6-capable FTP server. Priority is given to registered users, but if you can test out WFTPD or WFTPD Pro, on a native IPv6 network, we’d love to hear from you.

You don’t have to be associated with a government, or even enterprise, just interested, capable, and ready to give your feedback.

Although the new Zune software doesn’t start up the moment I plug in my Zune (maybe I’m missing a setting), the Marketplace Apps listing has come back, along with three new games, “Castles and Cannons”, “Dr. Optics Light Lab”, and “WordMonger”:

I kind of expected that the arrival of the Windows Phone 7 would cause an update to the Zune software interface. Sure enough, as soon as I tried to download a new episode of “The Guild”, an update was forced on me, along with a new licence agreement.

What I didn’t expect was this…

Yes, that’s right, select one of the Genres, either “Games” or “Other”, and this is what you get – “There are no apps for this selection”. I can only presume this is a foul-up by Microsoft, and not an example of “new product comes out, old product goes straight into the bin”.

National Cyber Security Awareness Month is October, and after a brief interruption, I’m continuing my series of posts that dump out some of the basic parts of security that make all the advanced stuff worthwhile.

Passwords are quite a challenge for many people, because they embody a number of things that people are bad at.

Uniqueness A password should be unique, or at the very least sufficiently unusual as to be unguessable. It should also be different from passwords you use at other sites or applications.

Randomness We know that a good password is not predictable, and is generally best when it is chosen at random, rather than using any kind of pattern that might be guessed.

Unpredictability We’re all predictable by those that know us best. So a password has to be something that we made up ourselves, but that no one can imagine that we would make up.

Length The longer you can make a password, the better – but then you have to type it. Practice typing your password quickly. Resist the temptation to use a password made of letters close to one another on the keyboard, because those are words that are guessable. Strange as it may sound, it’s easier to make a password more secure by making it longer than it is to do so by adding funky characters.

Secrecy You shouldn’t share your password with anyone else. You should strongly question anyone who tells you that they need your password. In general, they don’t need it. If they are sufficiently powerful technical support folks, they won’t need your password, and if they aren’t sufficiently powerful, why are you asking them for help?

What is a password?

A password is a proof of identity. It confirms, or validates, who you have already claimed to be. It’s a secret quantity, and the operating system and applications you use spend significant effort to keep that password secret.

What isn’t a password?

Your username, by contrast, is a claim of identity – it’s who you are claiming to be. Your username is not a secret part of your security, just as your name isn’t a secret. It’s all over the place, in public places, and even if you spend the effort to go “off grid”, or to hide your name from the phone books, nobody else is geared up to help you with that process. Similarly, the operating system and applications will not try to hide your username.

This is why renaming the Administrator account, or generating usernames from random sequences of letters and numbers, will not increase security as significantly as the simple act of extending the minimum length of passwords.

What’s like a password?

There are many other concepts that are like a password, such as private keys on a certificate, or the combination to a safe, the key to a drawer or a door.

What’s not like a password?

Other things that you’d think are like a password, but aren’t, include:

Social Security Number This is an identifier. You share it with every organisation that collects taxes or reports on your taxes. Although many companies may behave as if this is a secret like a password, it’s not randomly selected, it’s not unpredictable, it’s short, and it’s shared with a large number of people and organisations. It’s certainly something that companies should keep private, but that’s largely because enough organisations treat it as a secret proof of identity that the exposure of an SSN is enough to allow for ‘identity theft’

Credit Card Number Again, although everyone, including the credit card companies, treat this as a secret, it’s a secret that you give out to everyone with whom you do business. Some credit card companies provide the ability to generate temporary or single-use card numbers, which allows you to reduce how many people have your true card number.

How should I protect my password?

There are numerous password protection and storage programs, for users and for enterprises. The words used to describe these programs are generally things like “safe” or “vault”. Using these programs will allow you to have large numbers of different passwords, which is only a good thing.

Imagine that one of your web sites gets a vulnerability, or has an administrator go bad. They could steal your password – but only for that site. Do you use that password for any other site? It’s very tempting now that most sites use email addresses as identifiers to use the same password as you use for your email account itself, but then that would mean that anyone who stole your password from one web site would be able to have access to all your other web sites, and your email as well.

Next, and I know this goes against what many people will tell you, you need to write some passwords down on a piece of paper.

First, we all carry around a device whose job is to protect small pieces of paper from falling into other people’s hands – it’s called a wallet, or a purse, and we’re all well-used to protecting those small pieces of paper in this fashion. Put a value on each of your passwords, and use this to decide whether to carry it in your wallet, or leave it in the safe, or put it in a safe deposit box.

Second, there will come a time when you have forgotten a password. In a work situation, there are generally easy ways to get your password reset, and you probably won’t lose a whole lot of data as a result. But for your home life, there’s rarely a good recovery store or process, and it will save you time if there’s a lock-box you can go to in order to recover your precious secret.

True story – a friend of mine had an accident that gave him a fractured skull and left him in a dubious state of consciousness for many weeks. He never remembered the passwords he had before the accident, and as a result, had to wipe out several machines rather than log on to them and recover them. He hadn’t written the passwords down or stored them in a safe deposit box, so his family and friends could not maintain his systems for him while he was ‘out’. He even lost his domain name to some domain squatters (though his friends very nicely bought it back for him).

Think about what access you would lose in a similar situation – or what access your family would lose.

Don’t share your passwords, or at the very least, make sure that there’s no easy way for someone to have your passwords and access to use them.

A safe-deposit box, or some other device that can only be retrieved if you are killed, or incapacitated in some way, is really the only place to make your high-value passwords accessible to others.

If you share your passwords with other people, you immediately move any investigation into your computing behaviour from the realms of “innocent until proven guilty” (it couldn’t be you, because your account wasn’t being used) to “guilty until proven innocent” (not only were you disobeying rules by sharing your password, but the activity was traced to your account, making it incredibly difficult for you to prove it wasn’t you that controlled the account at the time).

Finally, and this is especially true if you are writing down passwords, you need to have a plan for changing your passwords in an emergency, and you need to exercise this plan regularly. This means you need to know how to change passwords, write down details of how to change passwords (except in the most obvious cases), and you need to make sure that your understanding of how to change passwords is still accurate.

I personally think that this is the biggest reason that you need to change your passwords regularly – although, if you are the sort of person who wantonly shares passwords, the fact of sharing passwords with another person is reason enough to frequently change them.